STRUCTURE OF AN IP DATA

Here is some info I gathered about the IP data structure, which I tried to put all together in an array.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|     Fragment Offset     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to live |    Protocol   |        Header Checksum        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Source Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Destination Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                                                               |
   |                             DATA                              |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

+++++++Version: protocol version number

+++++++IHL: length of the header, counted in 32-bit words (min length = 5 when the header doesn't contain any option)

+++++++Type of service: shows the characteristics of the desired service; this field is composed as follows:

      0     1     2     3     4     5     6     7
   +-----+-----+-----+-----+-----+-----+-----+-----+
   |   PRECEDENCE    |  D  |  T  |  R  |  O  |  O  |
   +-----+-----+-----+-----+-----+-----+-----+-----+

   Precedence values:
      111 = Network Control
      110 = Internetwork Control
      101 = CRITIC/ECP
      100 = Flash Override
      011 = Flash
      010 = Immediate
      001 = Priority
      000 = Routine

   Other bits meaning:
      D=0 normal transmission delay     D=1 shorter delay
      T=0 normal throughput             T=1 high throughput
      R=0 normal reliability            R=1 high reliability
      Last 2 bits: dunno

+++++++Total length: total length (header + data) of the IP packet.

+++++++Identification: the identification of the packet is assigned by the source machine and is used to put all the fragments back together. All the fragments of a packet have the same value in this field.

+++++++Flags: 3 bits
    bit 1: always has to be set to 0.
    bit 2 (DF): if = 0 ---> the packet can be fragmented
                if = 1 ---> the packet can't be fragmented
    bit 3 (MF): if = 0 ---> it's the last fragment
                if = 1 ---> there are other fragments

+++++++Fragment Offset: this field specifies which part of the packet this fragment belongs to. Its value is given with the byte as unit. For the 1st fragment this field is set to 0.

+++++++Time to live: this field specifies how long the packet can 'live' while it travels across the net. The field is decreased every time the packet passes through a router. The packet is dropped if the value in this field is equal to 0, and in that case an ICMP message is sent to the source machine (the traceroute command, e.g., uses this property).

+++++++Protocol: this field specifies the protocol which will handle the data of the packet. You can usually find all the protocol numbers in the file /etc/protocols if you use a Unix system. This file could look like:

    ip      0     IP      # internet protocol, pseudo protocol number
    icmp    1     ICMP    # internet control message protocol
    igmp    2     IGMP    # internet group multicast protocol
    ggp     3     GGP     # gateway-gateway protocol
    tcp     6     TCP     # transmission control protocol
    pup     12    PUP     # PARC universal packet protocol
    udp     17    UDP     # user datagram protocol
    idp     22    IDP     # WhatsThis?
    raw     255   RAW     # RAW IP interface

+++++++Header checksum: simply the header checksum, as it's written. =P As certain fields are modified along the packet's travel (e.g. the time to live field), this field is recomputed by every router that handles the packet. If the router finds an error, the packet is dropped.

+++++++Source address: IP of the source machine

+++++++Destination address: IP of the target machine

+++++++Options: this field is optional (i.e., not present in every packet), but it MUST be handled by the IP layer of your system. Its length is variable, and there could be 0 to several options (errr…).
I dunno much about options; here are the few I know.

There are 2 option formats:
 - a single byte that specifies the option type.
 - several bytes: the 1st one specifies the option type, the 2nd one the total length of the option field, and the others are the option data.

Scheme of the option byte:

      0     1     2     3     4     5     6     7
   +-----+-----+-----+-----+-----+-----+-----+-----+
   | CF  |  Classes  |        Option number        |
   +-----+-----+-----+-----+-----+-----+-----+-----+

   the CF bit: specifies whether the option is copied into every fragment of the packet whenever the packet is fragmented
   the class bits: here are the values, I don't really know what it is all about
      00: control
      01: dunno
      10: dunno
      11: dunno

Different possible types:

+------+-----------+------------------------------------------------------+
| type | length    | description                                          |
+------+-----------+------------------------------------------------------+
|   0  | w/out     | end of the option list                               |
|   1  | w/out     | no operation                                         |
| 130  | 11        | security                                             |
| 131  | variable  | ??                                                   |
| 137  | variable  | ??                                                   |
|   7  | variable  | record of the paths along the travel                 |
| 136  | 4         | identification of the data flows                     |
|  68  | variable  | ???                                                  |
+------+-----------+------------------------------------------------------+

+++++++Padding: dunno

Anonymous

PS: if anyone has any info about the stuff I couldn't mention… just lemme know please.
PS bis: sorry for all the grammar and vocabulary mistakes, as English isn't my native language.
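The header layout, the Time to live handling and the checksum recomputation described above can be followed in code. This is an added example, not part of the original text; the function names (`checksum`, `parse_header`, `forward`, `build_sample`) are hypothetical and the sample packet is constructed, using documentation addresses.

```python
import struct
FIXED = "!BBHHHBBH4s4s"   # the five 32-bit words every header starts with

def checksum(header: bytes) -> int:
    """Complement of the one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than a 5-word header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(FIXED, packet[:20])
    ihl = ver_ihl & 0x0F
    if ver_ihl >> 4 != 4 or ihl < 5:
        raise ValueError("version is not 4 or IHL is below 5")
    if not ihl * 4 <= total_len <= len(packet):
        raise ValueError("IHL and Total Length do not fit the bytes received")
    header = packet[:ihl * 4]
    return {
        "ihl": ihl, "precedence": tos >> 5,
        "D": (tos >> 4) & 1, "T": (tos >> 3) & 1, "R": (tos >> 2) & 1,
        "total_length": total_len, "id": ident, "ttl": ttl, "protocol": proto,
        "DF": (flags_frag >> 14) & 1, "MF": (flags_frag >> 13) & 1,
        "frag_offset": flags_frag & 0x1FFF, "options": header[20:],
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": checksum(header) == 0,  # a valid header sums to 0xFFFF
    }

def forward(packet: bytes):
    """Router step: drop (None) on bad checksum or expired TTL, else TTL-1."""
    info = parse_header(packet)
    if not info["checksum_ok"] or info["ttl"] <= 1:
        return None                           # for TTL an ICMP message would follow
    hlen = info["ihl"] * 4
    header = bytearray(packet[:hlen])
    header[8] -= 1                            # byte 8 is Time to live
    header[10:12] = b"\x00\x00"               # zero the checksum, then recompute
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header) + packet[hlen:]

def build_sample(ttl: int = 64) -> bytes:
    """Constructed packet: precedence 101, D=1, DF set, UDP, 5-byte payload."""
    f = [0x45, 0xB0, 25, 0x1234, 0x4000, ttl, 17, 0,
         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])]
    f[7] = checksum(struct.pack(FIXED, *f))
    return struct.pack(FIXED, *f) + b"hello"
```

A header whose IHL or Total Length does not fit the bytes actually received is rejected before any field is trusted, which is the check a capture or filtering tool needs when handling truncated or malformed packets.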
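The two option formats and the CF / class / number split of the option byte described above, as an added example that is not part of the original text. `walk_options` and `SAMPLE` are hypothetical names, the sample bytes are constructed, and the code assumes the length byte counts the type and length bytes as well as the data, as in RFC 791.

```python
def walk_options(options: bytes) -> list:
    """Split the Options field into (type, CF, class, number, data) tuples.

    Raises ValueError on a length byte that is missing, below 2, or that
    runs past the end of the field, so the loop always advances.
    """
    found, i = [], 0
    while i < len(options):
        opt_type = options[i]
        cf, cls, number = opt_type >> 7, (opt_type >> 5) & 0b11, opt_type & 0b11111
        if opt_type in (0, 1):                # the single-byte format
            found.append((opt_type, cf, cls, number, b""))
            if opt_type == 0:                 # end of the option list
                break                         # the rest only fills the last 32-bit word
            i += 1                            # no operation
            continue
        if i + 1 >= len(options):
            raise ValueError(f"option {opt_type} at offset {i} has no length byte")
        length = options[i + 1]               # assumed: type + length + data bytes
        if length < 2 or i + length > len(options):
            raise ValueError(f"option {opt_type} at offset {i} has bad length {length}")
        found.append((opt_type, cf, cls, number, options[i + 2:i + length]))
        i += length
    return found

# Constructed Options field (16 bytes, i.e. IHL = 9): two no-operations,
# type 136 with length 4, type 7 with length 7, end of list, two filler bytes.
SAMPLE = bytes([1, 1, 136, 4, 0x12, 0x34, 7, 7, 4, 0, 0, 0, 0, 0, 0, 0])

if __name__ == "__main__":
    for entry in walk_options(SAMPLE):
        print(entry)
```

The length checks matter because an option whose length byte is 0 or 1 would otherwise keep a parser on the same offset forever, and one that is too large would make it read past the header.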